U.S. Justice Dept. Offers Guidance for Delayed Reporting Under SEC Cyber Rules
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
With the Dec. 18 effective date of the U.S. Securities and Exchange Commission’s (SEC) cyber incident reporting rules looming, federal officials have offered guidance on when it may approve delays in the interest of national security.
The SEC cyber rules, adopted this past July, give publicly traded companies four days to disclose the occurrence of a “material” cyber event via regulatory filing. The U.S. Department of Justice and the FBI gave examples of scenarios that may warrant delay.
“The primary inquiry for the Department is whether the public disclosure of a cybersecurity incident threatens public safety or national security, not whether the incident itself poses a substantial risk to public safety and national security,” stated the Justice Department. “While cybersecurity incidents themselves frequently threaten public safety and national security, the disclosure to the public that those incidents have occurred poses threats less often.”
These “limited circumstances” would apply to cases in which a company “reasonably” suspects the event occurred because of a tactic with no known mitigation—for example, an as-yet-unpatched software vulnerability.
Another example given included impacts to events impacting systems containing sensitive government information.
“This category includes systems operated or maintained for the government as well as systems not specifically operated or maintained for the government that contains information the government would view as sensitive, such as that regarding national defense or research and development performed pursuant to government contracts,” said the Department. It also highlighted events involving public companies performing remediation efforts for critical infrastructure or critical systems.
The FBI “strongly” encouraged companies to quickly contact federal officials as soon as they determine an event could threaten national security or public safety.
“This early outreach allows the FBI to familiarize itself with the facts and circumstances of an incident before the company makes a materiality determination,” said the agency. “If the victim of a cyber intrusion engages with the FBI or another U.S. government agency, this engagement doesn’t trigger a determination of materiality. However, it could assist with the FBI’s review if the company determines that a cyber incident is material and seeks a disclosure delay.”
- Published in Blog
These Three Trends Could Have Big Implications for Workers’ Compensation
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
Legislation surrounding the gig economy, single-payer health insurance and marijuana legalization all have the potential to impact the U.S. workers’ compensation system, according to a National Council on Compensation Insurance (NCCI) report.
Digital platforms such as Uber ushered in a modern gig economy and renewed public discourse on worker classification. Proposals in numerous states would provide criteria for determining whether a worker in the gig economy should be classified as an employee or an independent contractor. For instance, California has a three-part test to determine the status of a worker; lawmakers in Rhode Island and Vermont have considered similar tests. Other states, including Alabama, South Dakota and Washington, have focused on workers using digital platforms.
The NCCI noted that proposals making it more likely for a worker to be classified as an employee would generally benefit an injured worker in the event of a workplace accident. “On the other hand, proposals that would make it more likely for a worker to be considered an independent contractor may reduce costs for employers,” the organization said.
No state has fully adopted a single-payer health insurance system, though several are studying the issue, according to the report. Most proposals that reference workers’ compensation would direct the board of new state single-payer programs to “develop a proposal for coverage of healthcare items and services covered under the workers’ compensation system.”
California, Kansas, New York and Rhode Island considered or are considering such proposals this year. Last year, Washington enacted legislation establishing a new commission to study universal health care, and Oregon extended the life of a previously created task force.
And while marijuana remains illegal at the federal level, numerous states took steps this year toward legalizing marijuana for medical or recreational use.
States are divided on whether to allow, require or prohibit medical marijuana reimbursement in workers’ compensation. State policymakers may need to consider adopting a fee schedule or another mechanism to address reimbursement, the NCCI said. The legalization of recreational marijuana “raises concerns about workplace safety, drug-free workplace issues, and drug testing issues, and may also challenge employers and insurers to provide reimbursement,” according to the report.
Federal legalization would mean insurers may no longer need to worry about conflicts between state and federal law.
“Claims could be reported, and appropriate data could be collected, which would assist in understanding the impact of the use of marijuana in treating workers’ compensation claims,” the NCCI noted. However, it would still be up to states to determine how to address workplace safety, reimbursement and other concerns.
For more articles on workers’ compensation topics, contact RISQ Consulting today.
- Published in Blog